Does AS Metabox have any unpatched vulnerabilities?

No. All known vulnerabilities in AS Metabox have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is AS Metabox compatible with WordPress 4.8.28?

According to WordPress.org data, AS Metabox 1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is AS Metabox updated?

AS Metabox was last updated on Unknown. Frequent updates are generally a positive security signal.

What is AS Metabox's security score?

AS Metabox has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AS Metabox Security & Risk Analysis

wordpress.org/plugins/as-metabox

As Metabox Easy To Use WordPress Metabox Framework.

0 active installs v1.0 PHP + WP + Updated Unknown

as-metaboxmetabox-frameworksocial-pluginwordpress-metabox-frameworkwordpress-plugin

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is AS Metabox Safe to Use in 2026?

Generally Safe

Score 100/100

AS Metabox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "as-metabox" plugin v1.0 presents a mixed security posture. On the positive side, it exhibits no known historical vulnerabilities and utilizes prepared statements for all SQL queries. It also implements nonce checks for its AJAX handlers and has a relatively small attack surface with no shortcodes, cron events, or REST API routes. However, significant concerns arise from the static analysis. The plugin uses the `unserialize` function twice, which is a known source of critical vulnerabilities if not handled with extreme care, especially when processing user-controlled data. Furthermore, only 13% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals two high-severity unsanitized flows, directly correlating with the identified dangerous functions and potential for XSS.

Key Concerns

Dangerous function: unserialize used twice
Output escaping is poor (13% proper)
High severity taint flows detected (2)
No capability checks on AJAX handlers

Vulnerabilities

None known

AS Metabox Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

AS Metabox Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

114

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = @unserialize($data);options\checkbox.php:144

unserialize$data = @unserialize($data);options\wp_select.php:62

Output Escaping

13% escaped131 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

as_save_all_metabox (core\core.php:166)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

AS Metabox Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_as_meta_get_group_optioncore\functions.php:80

authwp_ajax_as_meta_get_font_iconcore\functions.php:100

authwp_ajax_as_meta_wp_select_valcore\functions.php:149

WordPress Hooks 5

actionas_metabox_initconfig\metabox-config.php:5

actionadd_meta_boxescore\core.php:35

actionsave_postcore\core.php:36

actionplugins_loadedinc\plugin_load.php:8

actionadmin_enqueue_scriptsinc\scripts.php:38

Maintenance & Trust

AS Metabox Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedUnknown

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

AS Metabox Alternatives

Country & Phone Field Contact Form 7

country-phone-field-contact-form-7

100

Add country drop down with flags and phone number with country phone extension fields in contact form 7.

40K No CVEs

Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation

gs-logo-slider

Logo Slider: The best responsive plugin for Logo Showcase, Logo Carousel, and displaying clients' logos. Includes shortcode generator with preview!

30K 5 CVEs

Site Offline Or Coming Soon Or Maintenance Mode

site-offline

Site Offline plugin manage your WordPress website in under construction or maintenance mode or coming soon or landing page.

30K 1 unpatched

Quick Adsense

quick-adsense

Quick Adsense offers a quicker & flexible way to insert Google Adsense or any Ads code into a blog post.

20K 1 CVE

Hide Dashboard Notifications

wp-hide-backed-notices

Warnings and notices can be helpful for developers as they notify them for debugging issues with their code. Though these notices can be sometimes inf …

20K 2 CVEs

Developer Profile

AS Metabox Developer Profile

anuislam

5 plugins · 70 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AS Metabox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/as-metabox/assets/css/font-awesome.min.css/wp-content/plugins/as-metabox/assets/css/jquery-ui.min.css/wp-content/plugins/as-metabox/assets/css/animate.css/wp-content/plugins/as-metabox/assets/css/as_main.css/wp-content/plugins/as-metabox/assets/js/as_main.js

Script Paths

/wp-content/plugins/as-metabox/assets/js/as_main.js

Version Parameters

as-metabox/assets/css/font-awesome.min.css?ver=as-metabox/assets/css/jquery-ui.min.css?ver=as-metabox/assets/css/animate.css?ver=as-metabox/assets/css/as_main.css?ver=as-metabox/assets/js/as_main.js?ver=

HTML / DOM Fingerprints

CSS Classes

as-metabox-group-wrapperas-metabox-group-contentas-metabox-group-itemas-metabox-tabs-nav-wrapper

HTML Comments

+2 more

Data Attributes

data-formatdata-field-type

JS Globals

as_meta_local

FAQ